There has been plenty of times in the past where I used to dread reviewing the Programs and Features’ View installed updates window in search for a hotfix that I need to remove:
This is especially the case with older operating systems when a seemingly endless list of hotfix updates have been installed and scrolling through the list isn’t exactly a pleasant experience:
I’ve also been asked in the past to perform an audit for incidents where a server wasn’t supposed to be patched was patched and the manager wanted to know how installed them. As some may know, right clicking on the column headings gives you additional fields that you can choose to add but it does not provide a column to list what account installed them:
With the challenges mentioned above in mind, the PowerShell cmdlet I’ve enjoyed using over the past year to manage Windows hotfix updates is the:
This cmdlet will simply list out all of the hotfixes along with the following headings:
Definitely one of the cmdlets I’ve used most when trying to get an idea as to what updates have been installed onto a server because I can dump this to a file with the > and do a quick search in Notepad.
If you would like the searches to be ordered by a certain column you can simply add the following to the end of the cmdlet:
Get-HotFix | Sort-Object Description
Note that the list is not sorted by the Description column. You can use the -descending switch as such to reverse the order in descending order:
Get-HotFix | Sort-Object Description -descending
You can also use multiple columns to sort the list:
Get-HotFix | Sort-Object Description,HotFixID
You can also execute this command (PowerShell Remoting does not need to be turned on) to list a remote server’s list of hotfixes with:
Get-HotFix -ComputerName <ComputerName>
If you’re looking for a specific hotfix, you can also use the Where command to find a match such as the following:
Get-HotFix | Where HotfixID -match "2995004"
A command I use quite frequently when trying to remove hotfixes is the wusa.exe command with the following format:
wusa.exe /uninstall /kb:<KB Number>
Additional switches such as the /quiet and /norestart are also commonly used.
More information can be found at the following TechNet article: